公开(公告)号：US12164650B2

公开(公告)日：2024-12-10

申请号：US17482370

申请日：2021-09-22

Applicant: Intel Corporation

Inventor： Prashant Dewan ,  Baiju Patel

IPC: G06F21/60 ,  G06F12/02 ,  G06F12/14 ,  G06F13/28 ,  G06F15/78 ,  G06F21/10 ,  G06F21/62 ,  G06F21/79

Abstract: The disclosed embodiments are generally directed to inline encryption of data at line speed at a chip interposed between two memory components. The inline encryption may be implemented at a System-on-Chip (“SOC” or “SOC”). The memory components may comprise Non-Volatile Memory express (NVMe) and a dynamic random access memory (DRAM). An exemplary device includes an SOC to communicate with a Non-Volatile Memory NVMe circuitry to provide direct memory access (DMA) to an external memory component. The SOC may include: a cryptographic controller circuitry; a cryptographic memory circuitry in communication with the cryptographic controller, the cryptographic memory circuitry configured to store instructions to encrypt or decrypt data transmitted through the SOC; and an encryption engine in communication with the crypto controller circuitry, the encryption engine configured to encrypt or decrypt data according to instructions stored at the crypto memory circuitry. Other embodiments are also disclosed and claimed.

公开(公告)号：US20240176861A1

公开(公告)日：2024-05-30

申请号：US18387409

申请日：2023-11-06

Applicant: Intel Corporation

Inventor： Vincent R. Scarlata ,  Carlos V. Rozas ,  Baiju Patel ,  Barry E. Huntley ,  Ravi L. Sahita ,  Hormuzd M. Khosravi

IPC: G06F21/44 ,  G06F9/30

CPC classification number: G06F21/44 ,  G06F9/3016

Abstract: Data integrity logic is executable by a processor to generate a data integrity code using a hardware-based secret. A container manager, executable by the processor, creates a secured container including report generation logic that determines measurements of the secured container, generates a report according to a defined report format, and sends a quote request including the report. The defined report format includes a field to include the measurements and a field to include the data integrity code, and the report format is compatible for consumption by any one of a plurality of different quote creator types.

公开(公告)号：US11775652B2

公开(公告)日：2023-10-03

申请号：US17547739

申请日：2021-12-10

Applicant: Intel Corporation

Inventor： Baiju Patel ,  Prashant Dewan

IPC: G06F21/57 ,  G06F9/4401 ,  G06F21/60 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32 ,  G06F21/71 ,  G06F21/79 ,  G06F21/78 ,  G06F15/78

CPC classification number: G06F21/575 ,  G06F9/4413 ,  G06F21/602 ,  H04L9/0861 ,  H04L9/14 ,  H04L9/3278 ,  G06F2221/034

Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

公开(公告)号：US20220214976A1

公开(公告)日：2022-07-07

申请号：US17706396

申请日：2022-03-28

Applicant: Intel Corporation

Inventor： Hormuzd M. Khosravi ,  Baiju Patel ,  Ravi Sahita ,  Barry Huntley

IPC: G06F12/1036 ,  G06F12/1009 ,  G06F12/14 ,  G06F12/0891 ,  G06F21/79 ,  G06F21/62

Abstract: Embodiment of this disclosure provide techniques to support memory paging between trust domains (TDs) in computer systems. In one embodiment, a processing device including a memory controller and a memory paging circuit is provided. The memory paging circuit is to insert a transportable page into a memory location associated with a trust domain (TD), the transportable page comprises encrypted contents of a first memory page of the TD. The memory paging circuit is further to create a third memory page associated with the TD by binding the transportable page to the TD, binding the transportable page to the TD comprises re-encrypting contents of the transportable page based on a key associated with the TD and a physical address of the memory location. The memory paging circuit is further to access contents of the third memory page by decrypting the contents of the third memory page using the key associated with the TD.

公开(公告)号：US20220100866A1

公开(公告)日：2022-03-31

申请号：US17548938

申请日：2021-12-13

Applicant: Intel Corporation

Inventor： Baiju Patel ,  Prashant Dewan

IPC: G06F21/57 ,  H04L9/14 ,  H04L9/32 ,  G06F21/60 ,  H04L9/08 ,  G06F9/4401

Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.

公开(公告)号：US10853270B2

公开(公告)日：2020-12-01

申请号：US16717374

申请日：2019-12-17

Applicant: Intel Corporation

Inventor： David M. Durham ,  Baiju Patel

IPC: G06F12/14 ,  G06F21/72 ,  G06F21/55 ,  H04L29/06

Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.

公开(公告)号：US10152430B2

公开(公告)日：2018-12-11

申请号：US15727810

申请日：2017-10-09

Applicant: Intel Corporation

Inventor： David M. Durham ,  Baiju Patel

IPC: G06F12/14 ,  G06F21/72 ,  G06F21/55 ,  H04L29/06

Abstract: A computing device includes technologies for securing indirect addresses (e.g., pointers) that are used by a processor to perform memory access (e.g., read/write/execute) operations. The computing device encodes the indirect address using metadata and a cryptographic algorithm. The metadata may be stored in an unused portion of the indirect address.

公开(公告)号：US09588771B2

公开(公告)日：2017-03-07

申请号：US13791298

申请日：2013-03-08

Applicant: Intel Corporation

Inventor： Hong Wang ,  John Shen ,  Hong Jiang ,  Richard Hankins ,  Per Hammarlund ,  Dion Rodgers ,  Gautham Chinya ,  Baiju Patel ,  Shiv Kaushik ,  Bryant Bigbee ,  Gad Sheaffer ,  Yoav Talgam ,  Yuval Yosef ,  James P. Held

IPC: G06F9/38 ,  G06F9/30 ,  G06T1/20

CPC classification number: G06F9/30145 ,  G06F9/30 ,  G06F9/30181 ,  G06F9/3877 ,  G06F9/3879 ,  G06T1/20

Abstract: In one embodiment, the present invention includes a method for directly communicating between an accelerator and an instruction sequencer coupled thereto, where the accelerator is a heterogeneous resource with respect to the instruction sequencer. An interface may be used to provide the communication between these resources. Via such a communication mechanism a user-level application may directly communicate with the accelerator without operating system support. Further, the instruction sequencer and the accelerator may perform operations in parallel. Other embodiments are described and claimed.

Abstract translation: 在一个实施例中，本发明包括一种用于在加速器和与其耦合的指令定序器之间直接通信的方法，其中加速器相对于指令定序器是异质资源。 可以使用接口来提供这些资源之间的通信。 通过这种通信机制，用户级应用可以直接与加速器进行通信，而无需操作系统支持。 此外，指令定序器和加速器可以并行地执行操作。 描述和要求保护其他实施例。

公开(公告)号：US12079341B2

公开(公告)日：2024-09-03

申请号：US17354733

申请日：2021-06-22

Applicant: Intel Corporation

Inventor： Kapil Sood ,  Ioannis T. Schoinas ,  Yu-Yuan Chen ,  Raghunandan Makaram ,  David J. Harriman ,  Baiju Patel ,  Ronald Perez ,  Matthew E. Hoekstra ,  Reshma Lal

IPC: G06F21/57 ,  G06F9/50 ,  G06F21/53 ,  G06F21/72 ,  G06F21/85

CPC classification number: G06F21/57 ,  G06F9/505 ,  G06F21/53 ,  G06F21/72 ,  G06F21/85 ,  G06F2221/034

Abstract: In one embodiment, an apparatus comprises a processor to: receive a request to configure a secure execution environment for a first workload; configure a first set of secure execution enclaves for execution of the first workload, wherein the first set of secure execution enclaves is configured on a first set of processing resources, wherein the first set of processing resources comprises one or more central processing units and one or more accelerators; configure a first set of secure datapaths for communication among the first set of secure execution enclaves during execution of the first workload, wherein the first set of secure datapaths is configured over a first set of interconnect resources; configure the secure execution environment for the first workload, wherein the secure execution environment comprises the first set of secure execution enclaves and the first set of secure datapaths.

公开(公告)号：US11847228B2

公开(公告)日：2023-12-19

申请号：US17548938

申请日：2021-12-13

Applicant: Intel Corporation

Inventor： Baiju Patel ,  Prashant Dewan

IPC: G06F21/57 ,  G06F9/4401 ,  G06F21/60 ,  H04L9/08 ,  H04L9/14 ,  H04L9/32 ,  G06F21/71 ,  G06F21/79 ,  G06F21/78 ,  G06F15/78

CPC classification number: G06F21/575 ,  G06F9/4413 ,  G06F21/602 ,  H04L9/0861 ,  H04L9/14 ,  H04L9/3278 ,  G06F2221/034

Abstract: An apparatus to facilitate security within a computing system is disclosed. The apparatus includes a storage drive, a controller, comprising a trusted port having one or more key slots to program one or more cryptographic keys and an encryption engine to receive the cryptographic keys via the one or more key slots, encrypt data written to the storage drive using the cryptographic keys and decrypt data read from the storage drive using the cryptographic keys.